samedi 8 septembre 2012

Windows 8 and DirectAccess 2012


Hi everyone,

As you know, with windows 7 and directaccess, a tool is necessary to determine easily if the directaccess connection is working. The tool enables the end user to disable the directaccess connection if it’s not working. It enables the end user to send information about the connection to the help desk team.

clip_image001

This tool is not necessary with windows 8! This functionality is included by default.

How do we configure it?
On the directaccess server with the command :Set-DAClientExperienceConfiguration

What are the parameters?

Firstly, we need to choose the Gpo where these settings will be stored: –policystore

-Friendlyname : Specifies the name of the DirectAccess deployment to be shown in the client computer user interface.

-CorporateResources : Configures the connectivity tests that DirectAccess client computers use to determine connectivity.

-IPsecTunnelEndpoints : Configures the IPsec tunnel endpoints to use for DirectAccess. Client computers use this information to verify the availability of the DirectAccess servers and present that information to the user.

-PreferLocalNamesAllowed: Controls if users can disconnect DirectAccess.

-SupportEmail: Configures the email address displayed in the user interface for users to send logs and requests for assistance.

Together :
clip_image002

Verify the Gpo
clip_image003

Ok, now let’s check on the client!
image

The settinga are deployed. Let’s check the behaviour. The connection name is well configured and the user can disconnect the tunnel, so disable the nrpt Table

image

Right-click, view connection properties
image

We see the connection status, we can send the logs by email and we can view the logs
image

The logs have been improved!
image

The information are sorted. I can see that i can’t ping my second public ip. (I need to write a rule in my edge firewall Sourire )

As a conclusion, directaccess rocks!

Aucun commentaire:

Enregistrer un commentaire